When Discount Tire Co. chose to modernize its point of sale system, it wasn't because it feared the U.S. EMV fraud liability shift or it wanted to ease its compliance with the Payment Card Industry data security standards.
For years, the financial services industry has relied on tactics such as education campaigns, sales pitches and financial penalties to get merchants to upgrade their technology. Ironically, the bad security that led to Target's 2013 data breach may have been the strongest way to deliver this message.
Evan Hunter, product manager for payments and financing at Discount Tire, joined the company two years ago to modernize its payments infrastructure. "We had a pretty clear mandate. That mandate was, 'Stay out of The Wall Street Journal,'" said Hunter, who began his career at a family-owned independent sales organization and has 15 years of experience in the payments industry.
For the past 20 years, Discount Tire relied on older Verifone hardware, the Omni 7000, which Hunter described as "ancient and horrible." Though the retailer had neglected to modernize its payments infrastructure over the years, it maintained a strong relationship with Verifone and ultimately chose to upgrade to Verifone Point, a payment-as-a-service offering, Hunter said in a presentation this week at the National Retail Federation's Big Show in New York.
Just as Hunter's bosses had given him a mandate, he gave Verifone a mandate: "Get us out of the payments business."
The risks of a data breach go well beyond the embarrassment of a bad headline or the fraud on customer accounts. Target's 2013 data breach fundamentally changed the culture at the company. Its CEO and CIO resigned within months of the disclosure, and the retailer was forced to change its stance on EMV security, fast-tracking its migration to ease customer fears.
Even though Discount Tire was not connected to the Target breach, it was dealing with the fallout. Consumers had begun quizzing Discount Tire's staff about how they protect payment card data.
"I've been in the payments space a relatively long time, and I've never seen that before," Hunter said. "We had to do something about our payments infrastructure."
Verifone's Point allowed Discount Tire to solve many of its challenges related to risk management. The service eliminates the retailer's EMV certification burden and made upgrades such as Apple Pay possible with a 25-minute software update (plus a 90-minute on-site review from Apple).
"There was no heavy certification effort, there was no large-scale test effort," Hunter said. "It was a configuration change to my terminals and we're live with Apple Pay" at 51 stores.
The overhaul to Discount Tire's payments infrastructure is ongoing. Later this year, the company will launch a new e-commerce site, and within two years it will have new terminals in place at a thousand stores, Hunter said.
Hunter framed the project as being benefiting customer service as much as it helped security and compliance; after all, it was the customers who were demanding better security in the wake of the Target data breach.
And for a tire company, customer service is always a challenge.
"Buying new tires is, 95% of the time, not something that anybody is excited about doing," Hunter said. The sales process can get almost hostile when, for example, a customer who came in to buy two tires is told that all four need to be replaced.
To ease some of the tension, Discount Tire has started using mobile point of sale devices so that its staff can interact on a friendlier basis with each customer.
"What we're trying to do is shift away from sort of that adversarial counter experience to more of a side-by-side open and welcoming discussion that's very data-driven," Hunter said. "In order to do that we realized really quickly that we're going to have to move to some sort of a mobile tablet or a kiosk."